Trojan downloaders target Windows PCs


Four anti-virus companies and one email security firm have
warned Windows users to be on their guard against a number of
trojan downloaders which have been spreading in rather large
numbers since Tuesday.

Jakub Kaminski, a senior anti-virus researcher with Computer
Associates in Melbourne, said there had been four variants of the
trojan in two days.

He said the trojans would attempt to download the Bagle worm to
an infected computer.

McAfee, which reported repeated instances of one trojan, said it
was not a mass mailing threat, but a downloader that tried to
access files from the internet; it also attempted to disable a
range of anti-virus and security tools.

Another A-V firm, Sophos, had again noticed one particular
trojan which it said appeared to have been spammed out in many
countries, including Australia.

It also added that none of the websites which this trojan
attempted to connect to appeared to contain any malicious code as
yet.

However, Kaminski said all that was required was for a bit of
malicious code to be uploaded to any of these sites; this would
cause numerous infections at the same time which could serve as a
distribution network for a variety of malware.

Queensland-based NOD32 said a machine which was infected by one
of the trojans which it had tracked would be unable to update its
antivirus program, as the trojan would overwrite the hosts file that
Windows uses to override DNS name resolution.

Email security firm Clearswift, which had spotted one trojan,
said it would disable antivirus and security software and quoted
another A-V firm, F-Secure, as saying the trojan interfered with the
Windows Background Intelligent Transfer Service, used by Windows
Update.